Network technology has been developed and widely applied to facilitate secure transactions among different users. A merchant publishes product information on a product platform that is enabled by a product server managed by the merchant. When a customer performs a user action to purchase a product displayed on the product platform, a payment is arranged from a first financial account owned by the customer to a second financial account owned by the merchant in exchange for the purchased product.
Specifically, during the course of implementing a secure transaction, a client device associated with the customer displays information concerning at least one product provided by a product server of a merchant. After detecting a user action (e.g., a user selection) on a product, the client device sends a product purchase request to a transaction server (most likely via the product server of the merchant) to purchase the product. The transaction server receives the product purchase request, obtains detailed product information (e.g., options of colors or sizes) according to the request, and provides the detailed product information concerning the selected product to the client device. The client device displays the detailed product information concerning the selected product, and receives a user input (e.g., a transaction confirmation, user selection of product options) based on the displayed information. Upon receiving the user input about the purchased product, the transaction server modifies the product purchase request according to the user input, and sends the modified product purchase request back to the client device. The client device confirms the modified product purchase request, and then provides financial account information of the customer to the transaction server, probably via the merchant's product server. Then, the transaction server transfers a monetary resource from the first financial account owned by the customer to a second financial account owned by the merchant. After the financial transfer is successfully completed, the transaction server authorizes the merchant to transfer the product to the client device.
For example, if the product is a “camera”, the detailed product information displayed on the client device includes a “camera color”, a “camera price”, a “camera quantity”, and the like. If the customer confirms the purchase of the camera, the client device sends the user input of “red” color, the quantity of “1” and the customer account information to the transaction server. The server modifies the product purchase request according to the user input and sends the modified product purchase request to the client device. The client device displays the modified product purchase request and waits for the customer's confirmation of the purchase request. Only when it receives the customer's confirmation does the transaction server authorize the financial payment from the customer's account to the merchant's account, and the transfer of the product from the merchant to the customer.
However, the above method of processing the purchase request is inherently plagued by some security issues. Specifically, the transaction server processes the financial account information (e.g., account name and account password) of both the customer and the merchant to determine whether the customer could properly pay for the purchase request and whether the merchant could transfer the purchased product to the customer. This transaction server could be owned by the merchant, or could have to work with the product server of the merchant. In some situations, a hacker disguises a malicious server as a product server to provide product information for the purpose of attracting potential hacking targets. The malicious server would fish for sensitive information during the purchase transaction and compromise the security of the client devices and the financial accounts associated with the customers.